# CVE-2025-53772-PoC


CVE-2025-53772 ISS - Web Deploy Remote Code Execution Vulnerability Exploit

NOTICE: This tool is provided for EDUCATIONAL PURPOSES and AUTHORIZED TESTING

Attack Vector
This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.

Attack Complexity
This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.

is a new kind of software built for a new kind of war. Version 3.2.0.0 introduces the most advanced backdoor deployment and websh detection engine ever released, setting a new standard in offensive security tools. Built by underground experts, it hunts, kills, and controls websh with surgical precision. Whether you’re planting persistent access or sweeping for hidden threats, our team delivers unmatched speed,and power.

“With the latest bdrs and cutting-edge detection, it rips through hidden shlls, bypasses filters, and exposes everything in its path”

/json_data/set_pwd?lev=2&pass=exploitedbycodeb0ss

{VIP} Wordpress Private Local File Inclusion [LFI] vulnerability


Its a kind of local in vulnerability that you can use to exp WordPress sites, the vulnerability and exp both of them are unpatched and the new founded by us.


This exploit are free for all our VIP members/Access.

Proof:

This vuln is only exp when the plugin has not been connected to a MainWP Dashboard and the (Require unique sec ID) option is not enabled it is disabled by default.